Cracked the encryption key to the chips used in French bank cards (2000) [5]

Cracked the security on chips used in German phone cards with losses of 34 million dollars (1998) [6]

If RFID tags are included in millions of California state-issued identification documents without proper protections, the harm to privacy, personal safety, and financial security could be astronomical.

Myth: SB 30's standards are unreasonable.

Fact: The standards are not only reasonable, but they are already used by the federal government to protect private information. The security standards proposed in SB 30 are the same standards required by the U.S. Department of Commerce for federal agencies to follow when buying technology to protect unclassified personal information. Thus, SB 30 merely ensures that California is providing the same level of privacy protection to its residents that the federal government provides to its employees. RFID vendors are already in compliance with the federal standards; it is not unreasonable to require them to continue to be in compliance with these standards to do business with the state of California.

Myth: SB 30 is costly.

Fact: SB 30 has no current costs because it grandfathers all systems in use prior to January 1, 2008, and it does not mandate any future costs. In fact, SB 30 will likely save the state money by ensuring that any state-issued RFID identification documents will be more secure. Just like you put a lock on your door to keep your things from being stolen, California should likewise make sure that your personal information is protected so as to avoid identity theft. SB 30 provides this protection, and thereby helps avoid the huge costs associated with upgrading breached systems and replacing millions of hacked identification cards.

Myth: These chips can only be read from a few inches away.

Fact: The information on these chips can be read much farther away than the "intended" read range quoted by manufacturers. The U.S. State Department demonstrated that a passive chip intended to only be readable from 4 inches away could be read from 2-3 feet away. A February 2004 National Institute of Standards and Technology report stated that these chips could be read from as far as 20 feet away. In August 2005, Los Angeles-based Flexilis set a world record by reading an RFID tag from 69 feet away. Reader technology is only going to get more powerful in the future.

Fact: The information on passive chips can still be read by any reader. While a passive chip does not have its own power source, it still automatically transmits its information whenever any reader "wakes it up" by sending a radio frequency.

Myth: No added protections are necessary if the chip only has a unique identifier number.

Fact: A unique identifier number does not solve the privacy, safety, or security problems of RFID. Your Social Security Number (SSN) is also just a unique number, but you would never announce it to a passerby on the street because it can be used to steal your identity. Likewise, an RFID unique identifier represents valuable information for hackers, as it can be used to clone an ID card, or to access the database where your personal information is stored. Also, a unique RFID identifier may ultimately suffer from "mission creep." Like the SSN, it may quickly be used in ways never considered when first created. The anonymous RFID identifier of today may turn into the indispensable ID number of tomorrow, making it even more valuable for hackers.

Myth: RFID technology makes us safer by protecting us from terrorism.

Fact: RFID systems have inherent security flaws which are easily exploited by criminals, including terrorists, and its inclusion in passports and other identifying documents does nothing to protect the country from terrorism and may make us more vulnerable The use of RFID in an identification card is only a means of transporting data between the card and the card reader; it does not add to the security of the identification system and certainly does not prevent terrorism. In fact, RFID systems are less secure, because when you broadcast your identification over radio waves, you make yourself vulnerable to electronic eavesdropping and identity theft-both of which can be more easily prevented with non-RFID identification systems. Preventing terrorism is an enormously complex problem and RFID technology is not the solution.

As we did last year and the year before, EFF welcomes the winter season with a new wishlist of some things we'd love to have happen for the holidays—for us and for all Internet users. These are some of the actions we'd most like to see from companies...

The paper, which included signatures from the American Civil Liberties Union, Electronic Frontier Foundation and, among others, Big Brother Watch, said the RFID systems may have “potential” (.pdf) health risks, too. “RFID systems emit electromagnetic radiation, and there are lingering questions about whether human health might be affected in environments...

The American Civil Liberties Union, the Liberty Coalition, the Electronic Frontier Foundation and several other civil liberties, privacy and labor groups last week urged Congress to reject the Legal Workforce Act of 2011.

The American Civil Liberties Union and the Electronic Frontier Foundation see more nefarious implications of the instruments, known as Radio Frequency Identification Devices. The groups wrote Tuesday to the inspector general for the U.S. Department of Health and Human Services, asking questions about the decision to track little kids with...

San Francisco - The ACLU of Northern California (ACLU-NC) and the Electronic Frontier Foundation (EFF) are calling for answers to critical privacy and safety questions that loom over a controversial federal program to track preschoolers with radio frequency identification (RFID) chips at George Miller III Head Start program in Richmond...

Scary news from California's Contra Costa County — school officials there have reportedly decided to track some preschoolers with RFID chips, thanks to a federal grant supplying the funding. According to a story from the Associated Press, the students will wear a jersey at school that has the...

That thinking is flawed, says Lee Tien, a senior attorney and surveillance expert with the Electronic Frontier Foundation, which opposes RFID in identity documents. It won't take a massive government project to build reader networks around the country, he says: They will grow organically, for commercial purposes, from convention centers...